CVE-2011-1653
CA Total Defense UNC Server r12 - SQL Injection
Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdminRoles, (3) DeleteFilter, (4) NonAssignedUserList, (5) DeleteReportLayout, (6) DeleteReports, and (7) RegenerateReport stored procedures.
Exploits (2)
exploitdb: WORKING POC, VERIFIED, by Metasploit · ruby, webapps, cgi
https://www.exploit-db.com/exploits/17922
metasploit: WORKING POC, EXCELLENT, by MC · ruby, poc, win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/ca_totaldefense_regeneratereports.rb
References (22)
Scores
EPSS: 0.7533
EPSS Percentile: 98.9%
Details
CWE: CWE-89
Status: published
Products (1)
broadcom/total_defense: r12
Published: Apr 18, 2011
Tracked Since: Feb 18, 2026